Description
A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI_value causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used.
Problem types
Product status
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.1.10
1.1.11
1.1.12
1.1.13
1.1.14
1.1.15
1.1.16
1.1.17
1.1.18
1.1.19
1.1.20
1.1.21
1.1.22
1.1.23
1.1.24
1.1.25
1.1.26
1.1.27
1.1.28
1.1.29
1.1.30
1.1.31
1.1.32
1.1.33
1.1.34
1.1.35
1.1.36
1.1.37
1.1.38
1.1.39
1.1.40
1.1.41
1.1.42
1.1.43
1.1.44
1.1.45
1.1.46
1.1.47
1.1.48
1.1.49
1.1.50
Timeline
| 2026-06-05: | Advisory disclosed |
| 2026-06-05: | VulDB entry created |
| 2026-06-05: | VulDB entry last update |
Credits
kkff33 (VulDB User)
References
vuldb.com/vuln/368882 (VDB-368882 | D-Link DWR-M920 formIMEISetup sub_412DA0 os command injection)
vuldb.com/vuln/368882/cti (VDB-368882 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/cve/CVE-2026-11341 (CVE-2026-11341 | CVE Analysis and Report)
vuldb.com/submit/832593 (Submit #832593 | D-Link DWR-M920 1.1.50 Command Injection and Stack Buffer Overflow)
github.com/7u7777/Dlink/blob/DWR-M920/formIMEISetup.md
www.dlink.com/